Apple Posts Security Content of Watch OS 1.0.1, and It's Sobering

By John Martellaro

May 20th, 2015 5:05 PM EDT

Apple, as it always does, has posted the security details of its Watch OS 1.0.1 update. If you thought this update was minor, thanks to Apple's typical low-key description, take a look at the details. Then update right away.

APPLE-SA-2015-05-19-1 Watch OS 1.0.1
Watch OS 1.0.1 is now available and addresses the following:
Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at
https://support.apple.com/kb/204873
FontParser
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
Foundation
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto
IOHIDFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default. This issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may be able to cause a denial of service
Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to cause unexpected
system termination or read kernel memory
Description: An out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Secure Transport
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris